ISBN (digital): 9783540782438
ISBN (print): 9783540782421
We present a novel method to measure the complexity of computer security visualization designs. The complexity is measured in terms of visual integration, number of separable dimensions for each visual unit, the complexity of interpreting the visual attributes, and the efficiency of visual search. Visualization developers can use this method to quickly evaluate multiple design choices in the early stage of their design before any user study can be conducted. To demonstrate this method, we have conducted complexity analysis on two open source security visualization tools - TNV and RUMINT.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
Network scans are a common first step in a network intrusion attempt. In order to gain information about a potential network intrusion, it is beneficial to analyze these network scans. Statistical methods such as wavelet scalogram analysis have been used along with visualization techniques in previous methods. However, applying these statistical methods causes a substantial amount of data loss. This paper presents a study of using associative memory learning techniques to directly compare network scans in order to create a classification which can be used by itself or in conjunction with existing visualization techniques to better characterize the sources of these scans. This produces an integrated system of visual and intelligent analysis which is applicable to real world data.
ISBN (print): 3540886052; 9783540886051; 9783540886068
Visualization research aims at providing insights into large, complex bodies of data. Topological methods are distinguished by their solid mathematical foundation, guiding the algorithmic analysis and its presentation among the various visualization techniques. This book contains 13 peer-reviewed papers resulting from the second workshop on "Topology-Based Methods in Visualization", held 2007 in Grimma near Leipzig, Germany. All articles present original, unpublished work from leading experts. Together, these articles present the state of the art of topology-based visualization research.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
This paper presents an investigative analysis of network scans and scan detection algorithms. Visualisation is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are critiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
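The Snort and Bro detectors critiqued above belong to the family that counts unique destination addresses and ports per source inside a time window. The block below is an added illustration, not code from the paper and not the actual Snort or Bro algorithm: it runs a unique-(address, port) counter and a cruder raw-attempt counter over constructed flow records so that the two failure modes named above can be seen on sample data (a busy benign client that a raw counter flags, and a slow scan that never exceeds the threshold inside a single window). Window size, threshold and every flow record are assumptions.

```python
"""Added illustration: unique-destination scan counting over constructed flows.

Not code from the paper and not the Snort or Bro implementation; it models the
class of detector described (count distinct destination addresses/ports per
source inside a time window) beside a cruder attempt counter.  Window size,
threshold and all flow records are assumptions.
"""
from collections import defaultdict, deque

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port).
FLOWS = []
# Vertical scan: one source probes 25 ports on one host within 5 s.
FLOWS += [(0.2 * i, "10.0.0.9", "192.0.2.10", 20 + i) for i in range(25)]
# Horizontal scan: one source probes port 445 on 25 hosts within 5 s.
FLOWS += [(0.2 * i, "10.0.0.7", f"192.0.2.{100 + i}", 445) for i in range(25)]
# Benign busy client: 40 connections to a single web server.
FLOWS += [(0.1 * i, "10.0.0.5", "192.0.2.20", 443) for i in range(40)]
# Slow scan: one new port every 30 s, 20 ports in total.
FLOWS += [(30.0 * i, "10.0.0.3", "192.0.2.10", 1000 + i) for i in range(20)]


def _per_source(flows):
    """Group records by source, each list sorted by time: [(t, dst, port), ...]."""
    by_src = defaultdict(list)
    for t, src, dst, port in sorted(flows):
        by_src[src].append((t, dst, port))
    return by_src


def _peak_in_window(records, window, measure):
    """Slide a `window`-second window over one source's records and return the
    largest value of measure(recent), where `recent` holds (t, dst, port)."""
    recent = deque()
    peak = 0
    for rec in records:
        recent.append(rec)
        while rec[0] - recent[0][0] > window:
            recent.popleft()
        peak = max(peak, measure(recent))
    return peak


def unique_destination_alerts(flows, window=60.0, threshold=10):
    """Flag sources that reach `threshold` distinct (dst_ip, dst_port) pairs
    within any `window` seconds.  Returns {src: peak_unique_targets}."""
    alerts = {}
    for src, recs in _per_source(flows).items():
        peak = _peak_in_window(
            recs, window, lambda r: len({(d, p) for _, d, p in r}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


def attempt_count_alerts(flows, window=60.0, threshold=10):
    """Cruder detector: flag sources with `threshold` raw connection attempts
    in the window, regardless of whether the destination repeats."""
    alerts = {}
    for src, recs in _per_source(flows).items():
        peak = _peak_in_window(recs, window, len)
        if peak >= threshold:
            alerts[src] = peak
    return alerts


def scan_shape(flows, src, threshold=10):
    """Classify a source over the whole record set: 'vertical' (many ports on
    one host), 'horizontal' (one port on many hosts) or 'none'."""
    dsts = {d for _, s, d, _ in flows if s == src}
    ports = {p for _, s, _, p in flows if s == src}
    if len(ports) >= threshold and len(dsts) == 1:
        return "vertical"
    if len(dsts) >= threshold and len(ports) == 1:
        return "horizontal"
    return "none"


if __name__ == "__main__":
    print("unique-destination alerts:", unique_destination_alerts(FLOWS))
    print("raw-attempt alerts:       ", attempt_count_alerts(FLOWS))
    print("slow scan, 10 min window: ", unique_destination_alerts(FLOWS, window=600.0))
    for src in unique_destination_alerts(FLOWS):
        print(src, scan_shape(FLOWS, src))
```

On this data the raw-attempt counter reports the benign client (40 repeated connections to one server) as a scanner, which the unique-destination counter does not; the slow scanner stays at three distinct targets per 60-second window and is missed by both, and only becomes visible when the window is widened to 600 seconds. Real detectors also have to bound the per-source state they keep, which is where simplifications of the counting creep in.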
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
This paper describes Isis, a system that uses progressive multiples of timelines and event plots to support the iterative investigation of intrusions by experienced analysts using network flow data. The visual representations have been designed to make temporal relationships apparent, allow visual classification of events with dynamic brushing, and enable users to organize their visualizations to reveal traffic structure and patterns by reordering rows. Isis combines visual affordances with SQL to provide a flexible tool for investigation. We present an annotated case study using anonymized data of a real intrusion that demonstrates the features of Isis.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
The primary goal of information security is to ensure the confidentiality, integrity, authenticity, and availability of information. Availability is often relegated to a discussion of denial of service attacks on network resources. Another form of denying availability is to prevent communication through the use of traditional jamming techniques. At the United States Air Force Academy Center for Information Security, we have been working on a new algorithm, BBC, which is based on a new type of coding theory known as concurrent codes that is resistant to traditional jamming techniques. While the formal definition and proofs of concurrent codes can be daunting, the algorithm's effectiveness can be easily conveyed and appreciated through visual demonstration. This paper briefly introduces concurrent codes and describes an interactive applet that visually demonstrates the algorithm's effectiveness in a noisy environment.
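The jamming-resistance property the abstract refers to comes from the channel model of concurrent codes: a transmitter only ever adds marks to a shared packet, so an adversary (or a second legitimate sender) can add marks but never remove the ones that encode a message. The block below is an added illustration of a hash-mark concurrent code in that style. It is not the Air Force Academy's BBC implementation and not the paper's applet; the packet length, the number of trailing checksum zeros and the use of SHA-256 as the mark hash are assumptions chosen only to make the property visible.

```python
"""Added illustration of a hash-mark concurrent code in the style of BBC.

Not the Air Force Academy's BBC implementation and not the paper's applet:
packet length, checksum length and the hash are assumptions, chosen only to
show the property the abstract describes, that marks a jammer adds to the
channel cannot erase a message; they can at most add decoy decodes.
"""
import hashlib
import random

PACKET_BITS = 4096   # assumed codeword length (number of mark positions)
CHECKSUM = 16        # assumed number of zero bits appended to every message


def mark_position(prefix: str) -> int:
    """Hash a bit-string prefix to one position in the packet (assumed hash)."""
    digest = hashlib.sha256(prefix.encode("ascii")).digest()
    return int.from_bytes(digest[:4], "big") % PACKET_BITS


def encode(message: str) -> set[int]:
    """Set one mark for every non-empty prefix of message + checksum zeros.
    The packet is the set of marked positions; an OR channel can only add to it."""
    assert set(message) <= {"0", "1"}
    bits = message + "0" * CHECKSUM
    return {mark_position(bits[:i]) for i in range(1, len(bits) + 1)}


def decode(packet: set[int], length: int) -> list[str]:
    """Depth-first search over prefixes: a prefix survives only if its mark is
    in the packet.  Past the message bits only zeros are allowed, so a random
    spurious branch must survive CHECKSUM further hash lookups to be reported."""
    total = length + CHECKSUM
    found, stack = [], [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == total:
            found.append(prefix[:length])
            continue
        for bit in ("01" if len(prefix) < length else "0"):
            if mark_position(prefix + bit) in packet:
                stack.append(prefix + bit)
    return sorted(found)


def jam(packet: set[int], extra_marks: int, seed: int = 0) -> set[int]:
    """Model a jammer on an OR channel: it can add marks, never remove them."""
    rng = random.Random(seed)
    return packet | {rng.randrange(PACKET_BITS) for _ in range(extra_marks)}


def superimpose(*packets: set[int]) -> set[int]:
    """Two transmitters sharing the channel: the receiver sees the union."""
    return set().union(*packets)


if __name__ == "__main__":
    msg_a = "10110010111000110101001001111010"   # constructed 32-bit message
    msg_b = "01001101100010101111010010100110"   # constructed 32-bit message
    clean = encode(msg_a)
    print("clean decode:", decode(clean, len(msg_a)))
    noisy = jam(clean, 1500)          # roughly a third of all positions marked
    print("jammed decode still contains message:", msg_a in decode(noisy, len(msg_a)))
    both = superimpose(encode(msg_a), encode(msg_b))
    print("concurrent decode:", decode(both, 32))
```

The decoder never loses the true message because every one of its prefix marks is still present after jamming or superposition; what the adversary buys with extra marks is a higher chance of decoy prefixes surviving the search, and the trailing checksum zeros are what keep that chance small. Raising the jam density far enough eventually makes the search itself expensive, which is the real cost a jammer can impose on this scheme.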
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
Network security is the complicated field of controlling access within a computer network. One of the difficulties in network security is detecting the presence, severity, and type of a network attack. Knowledge of such an attack is used to mitigate its damage and prevent such attacks from occurring in the future. We present a new visualization of a computer network for security purposes by approaching the problem from a service-oriented perspective. This approach involves a node graph visualization where each node is represented as a compound glyph, which gives details about the network activity for the specific node based upon its service usage. Furthermore, we visualize temporal activity using time slicing techniques in the compound glyph to give more details about the network and allow interactive controls for an administrator to actively monitor a network in order to react to security events quickly. Our resulting visualizations of networks successfully identified and described denial of service (DoS) and compromised network attacks.
ISBN (print): 9783540782421
This paper reports on investigations of how computer network defense (CND) analysts conduct their analysis on a day-to-day basis and discusses the implications of these cognitive requirements for designing effective CND visualizations. The supporting data come from a cognitive task analysis (CTA) conducted to baseline the state of the practice in the U.S. Department of Defense CND community. The CTA collected data from CND analysts about their analytic goals, workflow, tasks, types of decisions made, data sources used to make those decisions, cognitive demands, tools used and the biggest challenges that they face. The effort focused on understanding how CND analysts inspect raw data and build their comprehension into a diagnosis or decision, especially in cases requiring data fusion and correlation across multiple data sources. This paper covers three of the findings from the CND CTA: (1) the hierarchy of data created as the analytical process transforms data into security situation awareness; (2) the definition and description of different CND analysis roles; and (3) the workflow that analysts and analytical organizations engage in to produce analytic conclusions.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
Network testbeds are indispensable for developing and testing information operations (IO) technologies. Lincoln Laboratory has been developing LARIAT to support IO test design, development, and execution with high-fidelity user simulations. As LARIAT becomes more advanced, enabling larger and more realistic and complex tests, effective management software has proven essential. In this paper, we present the Director, a graphical user interface that enables experimenters to quickly define, control, and monitor reliable IO tests on a LARIAT testbed. We describe how the interface simplifies these key elements of testbed operation by providing the experimenter with an appropriate system abstraction, support for basic and advanced usage, scalable performance and visualization in large networks, and interpretable and correct feedback.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
To effectively identify and respond to cyber threats, computer security analysts must understand the scale, motivation, methods, source, and target of an attack. Central to developing this situational awareness is the analyst's world knowledge that puts these attributes in context. What known exploits or new vulnerabilities might an anomalous traffic pattern suggest? What organizational, social, or geopolitical events help forecast or explain attacks and anomalies? Few visualization tools support creating, maintaining, and applying this knowledge of the threat landscape. Through a series of formative workshops with practicing security analysts, we have developed a visualization approach inspired by the human process of contextualization; this system, called NUANCE, creates evolving behavioral models of network actors at organizational and regional levels, continuously monitors external textual information sources for themes that indicate security threats, and automatically determines if behavior indicative of those threats is present on a network.